...
Download the WSO2 Identity Server.
Replace your keystore file path, keystore password, truststore file path and truststore password (you can use the keystore and truststore that you created under the Working with Certificate section) in the following configuration and add it to the <IS_HOME>/repository/conf/tomcat/catalina-server.xml file.

```xml
<Connector protocol="HTTP/1.1" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/path/to/keystore.jks" keystorePass="keystorepwd"
           truststoreFile="/path/to/truststore.jks" truststorePass="truststorespassword"
           bindOnInit="false" clientAuth="want" sslProtocol="TLS"/>
```
Note - To function properly, this connector must come first in the connector order. Otherwise, when mutual SSL takes place, the already existing connector (9443) is picked up and the client certificate is not retrieved correctly.
- The clientAuth attribute makes Tomcat ask the client for a certificate. It can be configured as follows:
  - true: a valid client certificate is required for the connection to succeed
  - want: use a certificate if available, but still connect if no certificate is available
  - false: no client certificate is required or validated
- The truststoreFile attribute specifies the location of the truststore that contains the trusted certificate issuers.
Download the authenticator .jar file and the artifacts from the WSO2 store.
Place the authenticator .jar file in the <IS_HOME>/repository/components/dropins directory.
Note - If you want to upgrade the X509 Certificate Authenticator in your existing IS pack, refer to the upgrade instructions.
Place the x509certificateauthenticationendpoint.war file in the <IS_HOME>/repository/deployment/server/webapps directory.
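As an added check (example code, not part of the WSO2 documentation or product), the following Python lints the connector ordering rule and the clientAuth/keystore/truststore attributes described above. The XML strings are constructed samples of the Service section of catalina-server.xml, not the real file.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <Service> section of catalina-server.xml (not the real file):
# the mutual-SSL connector on 8443 is listed before the default 9443 connector.
GOOD_XML = """<Server><Service name="Catalina">
  <Connector protocol="HTTP/1.1" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/path/to/keystore.jks" keystorePass="keystorepwd"
             truststoreFile="/path/to/truststore.jks" truststorePass="truststorespassword"
             bindOnInit="false" clientAuth="want" sslProtocol="TLS"/>
  <Connector protocol="HTTP/1.1" port="9443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/path/to/keystore.jks" keystorePass="keystorepwd"/>
</Service></Server>"""

# Constructed misconfiguration: the 9443 connector comes first and the
# mutual-SSL connector has no truststore, so client certificates cannot be validated.
BAD_XML = """<Server><Service name="Catalina">
  <Connector protocol="HTTP/1.1" port="9443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/path/to/keystore.jks" keystorePass="keystorepwd"/>
  <Connector protocol="HTTP/1.1" port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/path/to/keystore.jks" keystorePass="keystorepwd" clientAuth="want"/>
</Service></Server>"""

MUTUAL_SSL_VALUES = {"true", "want"}          # clientAuth values that request a client cert
REQUIRED_ATTRS = ("keystoreFile", "keystorePass", "truststoreFile", "truststorePass")


def check_mutual_ssl_connectors(xml_text):
    """Return a list of findings (empty means OK) for the SSL connectors in a
    catalina-server.xml document, following the ordering rule from the docs."""
    root = ET.fromstring(xml_text)
    ssl = [c for c in root.iter("Connector") if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return ["no SSL-enabled Connector found"]
    findings = []
    mutual = [i for i, c in enumerate(ssl)
              if c.get("clientAuth", "false").lower() in MUTUAL_SSL_VALUES]
    if not mutual:
        findings.append("no SSL connector sets clientAuth to 'want' or 'true'")
    elif mutual[0] != 0:
        # Tomcat would pick the earlier connector and never retrieve the client certificate.
        findings.append(f"mutual-SSL connector (port {ssl[mutual[0]].get('port')}) is listed "
                        f"after port {ssl[0].get('port')}; move it first")
    for i in mutual:
        for attr in REQUIRED_ATTRS:
            if not ssl[i].get(attr):
                findings.append(f"connector on port {ssl[i].get('port')} is missing {attr}")
    return findings
```

Run it against the real file with `check_mutual_ssl_connectors(open(path).read())` after editing catalina-server.xml; an empty list means the connector order and attributes match the configuration described above.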
...